REPLACEMENT CLAIMS 
What is claimed is: 

1 . (Original) A method comprising: 

allowing a station to have a first connection to a network over a first 
interface; and 

determining that the station is attempting to have a second connection to 
the network over a second interface other than the first interface. 

2. (Original) The method defined in Claim 1 wherein determining that 
the station is attempting to have a second connection to the network comprises 
checking memory associated with the station to see if the first and second 
interfaces belong to the station. 

3. (Original) The method defined in Claim 2 wherein the memory 
comprises a table with locations indicating interfaces for the station. 

4. (Original) The method defined in Claim 3 wherein checking memory 
associated with the station to see if the first and second interfaces belong to the 
station comprises searching the locations in the table to determine if media 
access control (MAC) addresses of the first and second interfaces are listed as 
belonging to the station. 
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5. (Original) The method defined in Claim 1 further comprising 
enforcing a security policy in response to determining that the station is 
attempting to connect to the network over a second interface other than the first 
interface. 

6. (Original) The method defined in Claim 5 wherein the security 
policy does not permit connection to the network through multiple interfaces of 
the same station, and wherein enforcing the security policy comprises denying 
the second connection to the network. 

7. (Original) The method defined in Claim 6 wherein denying the 
second connection comprises disabling a MAC address associated with the 
second interface. 

8. (Original) The method defined in Claim 5 wherein the security 
policy does not permit connection to the network through multiple interfaces of 
the same station, and wherein enforcing the security policy comprises disabling 
the first connection to the network. 

9. (Original) The method defined in Claim 8 wherein disabling the first 
connection comprises removing a MAC address associated with the first 
interface from a list of active stations. 
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10. (Original) The method defined in Claim 5 wherein the security 
policy does not permit connection to the network through multiple interfaces of 
the same station, and wherein enforcing the security policy comprises denying 
the first and second connections to the network. 

1 1 . (Original) The method defined in Claim 10 wherein denying the first 
connection comprises removing a MAC address associated with the first 
interface from a list of active stations and disabling its corresponding entry in the 
access control list, and further wherein denying the second connection 
comprises disabling a second MAC address associated with the second interface 
from becoming listed in a list of active stations. 

12. (Original) The method defined in Claim 5 wherein the security 
policy allows access to the network by the station over multiple interfaces. 

1 3. (Original) A method comprising: 

reconciling a plurality of interfaces corresponding to a single station when 
the station has access to a network resource through a first of the plurality of 
interfaces and is attempting to gain access to the network resource through a 
second of the plurality of interfaces; and 

enforcing a security policy with respect to the single station in response to 
the single station attempting to have a plurality of interfaces by which to access 
the network resource. 
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14. (Original) A switch for providing access to a network for one or 
more stations, the switch comprising: 

a plurality of ports; 

a controller coupled to the ports to allow a station to have a first 
connection to a network over a first interface and to determine that the station is 
attempting to have a second connection to the network over a second interface 
other than the first interface. 

15. (Original) The switch defined in Claim 14 wherein the controller 
determines that the station is attempting to have a second connection to the 
network by checking memory associated with the station to see if the first and 
second interfaces belong to the station. 

16. (Original) The switch defined in Claim 15 further comprising a 
memory coupled to the controller, the memory to store a table with locations 
indicating interfaces for the station. 

17. (Original) The switch defined in Claim 16 wherein the controller 
checks the memory associated with the station to see if the first and second 
interfaces belong to the station by searching the locations in the table to 
determine if media access control (MAC) addresses of the first and second 
interfaces are listed as belonging to the station. 
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18. (Original) The switch defined in Claim 14 wherein the controller 
enforces a security policy in response to determining that the station is 
attempting to connect to the network over a second interface other than the first 
interface. 

19. (Original) The switch defined in Claim 18 wherein the security 
policy does not permit connection to the network through multiple interfaces of 
the same station, and wherein the controller enforces the security policy by 
denying the second connection to the network. 

20. (Original) The switch defined in Claim 19 wherein denying the 
second connection comprises disabling a MAC address associated with the 
second interface. 

21 . (Original) The switch defined in Claim 18 wherein the security 
policy does not permit connection to the network through multiple interfaces of 
the same station, and wherein the controller enforces the security policy by 
disabling the first connection to the network. 

22. (Original) The switch defined in Claim 21 wherein the controller 
denies the first connection by removing a MAC address associated with the first 
interface from a list of active stations. 
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23. (Original) The switch defined in Claim 18 wherein the security 
policy does not permit connection to the network through multiple interfaces of 
the same station, and wherein the controller enforces the security policy by 
disabling the first and denying the second connections to the network. 

24. (Original) The switch defined in Claim 10 wherein the controller 
disables the first connection by removing a MAC address associated with the 
first interface from a list of active stations and denies the second connection by 
disabling a second MAC address associated with the second interface from 
becoming listed in a list of active stations. 

25. (Original) A method comprising: 

allowing a station to have a set of one or more connections to a network 
over a first set of one or more interfaces; 

determining that the station is attempting to have another connection to 
the network over another interface other than the first set of interfaces; and 

performing an action in response to determining the station is attempting 
the other connection. 
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If any additional fee is required, please charge Deposit Account No. 02- 
2666. A duplicate of this Response is enclosed for deposit account charging 
purposes. 

Respectfully submitted, 

BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN LLP 

q4- ^ 



Dated: 



Michael J. Mallie 
Reg. No. 36,591 



12400 Wilshire Blvd. 
Seventh Floor 
Los Angeles, CA 90025 
(408) 720-8300 
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